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Introduction 


Welcome to The Email Fortress, from MakeUseOf. Over the next seven chapters, you'll learn 
how to lock down your inbox and secure one of the most important digital assets in 
your life! 


Email security is one of the most frequently overlooked areas of security that we regularly 
deal with. Considering how important your email account is, the information and private data 
it contains, and the issues it could create if any one breaches it, its security is paramount. 


But figuring out how to improve your email security isn’t always easy. For example, how do 
you spot phishing emails, one of the most common email security threats? And what about 
email encryption? Do you need to turn it on yourself, or does your email account come with 
encryption built-in? 


It doesn’t have to be complicated. It doesn’t even require much effort, but you can boost your 
email security by reading through The Email Fortress and its seven easy to follow chapters. 


Over the next seven chapters you are going to learn about: 


Chapter 1: Why email encryption is important and why email isn’t secure. 
Chapter 2: Common email security mistakes, spotting scam emails, and creating the 
perfect password. 

e Chapter 3: Learn all about turning on 2FA, using a VPN, and how to check your 
email securely. 

e Chapter 4: How do you choose a secure email provider? How do you check your 
emails in public securely? Here’s how! 

e Chapter 5: A look at all things encryption, including how to encrypt Outlook, whether 
to use OpenPGP, and which emails you should encrypt. 

e Chapter 6: Can your instant messaging service safely replace your secure email 
account? Is that even practical? 

e Chapter 7: The Email Fortress Roundup! 


You will find something new to learn in each section of this email security ebook, so be sure 
to read through each chapter for a new email security trick or tip! 


www.makeuseof.com 2 


Chapter 1 
Why Do You Need Secure Email? 


This chapter is a general look at why you need email security at all. 


Secure email is a cornerstone of a happy online existence. Every time you sign up for a new 
online service, you use your email address. When you forget a password, you use your 
email address to reset it. Your inbox contains addresses, phone numbers, personal 
information (about you and others!), and much more. 


And if an attacker makes their way into your email account, if they manage to break into and 
take over your account, they can almost instantaneously begin attacking your other 
accounts. Think; your Amazon, your Twitter, your Netflix, your online banking, and more. 


Email is deeply ingrained in society. The average office worker receives over 120 emails per 
day and sends out 40 in return. Email has become synonymous with an active, mobile 
workforce, too. And while many of us cannot do without email communication, managing, 
reading, and responding to the sheer volume of daily emails can feel overwhelming at times. 


The ease of access, the volume, and the ubiquitous nature of email does mean that as a 
society, complacency sets in. The combination of human error, spam and phishing email, 
and other security vulnerabilities mean your email account is more vulnerable than you 
realize. Furthermore, the constant barrage of security news—breaches, failings, 
vulnerabilities, insecurities, and more—leads to dissonance. Simply put, we stop caring 
when there is too much noise. 


Email Encryption Is Important 


Here’s something else for you to consider. 


Where is your email vulnerable? Like, the actual locations where your email is vulnerable to 
compromise. There are four main locations when someone else can grab your email. 


e Your devices. The device you read your email on, be that a smartphone, desktop, or 
so on. 

e The network. The network means the internet connection you’re using to access 
your email account. 

e The server. The server is where emails move from your account to your recipients; 
an online email server is also where your emails store so you can access them from 
anywhere, on any computer. 

e Your recipient device. The device your recipient is reading your email on. 


Did you get all four? Within those four locations are the overwhelming majority of places 


where a malicious party could access your email. The internet is more secure than ever 
before, with most sites and services now using the more secure HTTPS standard rather than 
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regular HTTP. However, even with the additional security offered by HTTPS, wouldn't you 
prefer an additional layer of protection? 


That’s where email encryption steps in. Just as sending an email has never been easier, 
adding an extra layer of encryption to your mail is just as simple. Encryption essentially 
wraps your email in a new layer of near-impenetrable data that stops a malicious party 
reading the contents of your email. (I say “near-impenetrable” as encryption comes in 
different strengths, encryption isn’t guaranteed to stay secure forever, and some encryption 
algorithms are already vulnerable.) 


For instance, if you send a regular email containing sensitive information, the email passes 
through a series of servers. If an attacker has compromised the server, there’s a strong 
chance they can read everything passing through the server. If you sent that same sensitive 
email with a layer of encryption, the attacker would have very little chance of reading the 
contents due to the difficulty of removing the additional security layer. 


ENCRYPTION & DECRYPTION 
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(Chapter 5 of this book is devoted to encrypting your emails!) 


The stakes are high. The attacker is likely to move swiftly on to other, less secure emails 
rather than attempting to attack and decrypt your private information. The effort isn’t worth 
it—unless you are a very high-worth individual, of course. 


Email Isn’t Secure! 


Always remember one thing: your email account isn’t secure, so don’t assume it is. The 
assumption of security is a major issue for all email users. The main email protocol (a 
protocol is a set of rules that dictate how something acts, in this case, how email is sent 
across the internet), SMPT (Simple Mail Transfer Protocol), has no integrated security 
mechanisms. Yup, that’s right. The main source of communication around the entire globe 
has no inherent security. 
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We've previously written about email security protocols in more detail if you would like to 
understand more. Protocols are a little dry, but they do underpin your email security, so I 
would advise reading the article for some interesting email security background 
information. 


Of course, email providers and servers have security built-in. Over the years, it became 
painfully obvious that using something as ubiquitous as email without security was bonkers. 
Security varies between email providers and email clients, so don’t assume you are 
protected—it might not be the case. 

Furthermore, this illustrates why taking the time to encrypt your email is so important. 


Before launching into the next chapter, please: 


e Read the email security protocol article, linked above. 
e Look through the ebook syllabus and figure out what interests you most! 


Keep reading for more tips on spotting spam and the perfect password for your email 
account. 
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Chapter 2 
Do You Make These Common Email Security 
Mistakes? 


One of the biggest problems facing us as regular email users is something 
basic—something that starts at home. That’s right; it’s us. 


The human connection is a constant thorn in the side of security and tech companies. There 
is no counting for what an individual can and will click on, or a weak password, or a poorly 
configured, insecure computer. 


In Chapter 2, you’re going to learn about the most common email security mistakes—and 
how you can avoid making them. 


Do You Make These Common Email Security Mistakes? 


When I say common email security mistakes, this is what | mean: 


Clicking on links in suspicious emails 

Poor spam filtering leading to an influx of malicious email 
Opening unsolicited email attachments 

Weak and reused passwords 


How to Spot Suspicious Scam and Phishing Emails 


According to Statista, over 300 billion emails are sent and received every day. Depending on 
where you find your stats and definitions, spam email accounts for anywhere between 5 
percent to 45 percent of all email sent every day. 


Statista puts this figure as high as 70 percent, whereas the 2018 Trustwave Global 
Security Report puts it as low as 39 percent. 
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Number of sent and received e-mails per day worldwide from 2017 to 2025 (in billions) 


376.4 
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Source Additional Information: 
he Radicati Group Worldwide; 2017 to 2020; for both business and private purposes 
Statista 2022 


Statista: number of emails sent and received worldwide 2017-2025 


Your inbox, then, is a hotbed of potential spam email. Within the dietary pills and Nigerian 
Prince emails lurk another kind of issue. Among the spam are cryptocurrency blackmails, 
extortion attempts, malicious invoices for regular internet services, and much more. 
However, they’re not always easy to spot. 


Average daily spam volume worldwide from October 2020 to September 2021 (in 
billions) 


@ The number of spam emails @ The number of emails 


Source Additional Information: 
isco Talos Intelligence Group Worldwide; October 2020 to September 2021 


Statista 2022 


Statista daily spam volume worldwide chart 2020-2021 


Don’t be downhearted. Just today | was sent a fake Amazon Prime invoice with a very 
similar renewal date to my own, and | almost clicked it out of confusion. And that confusion is 
what spammers, scammers and otherwise rely on. Casting doubt in the hope you click a link 
or download a file you really shouldn't. 
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There are five things you can do to quickly verify whether the email sent to you from 
Amazon, Netflix, or your bank are the real deal. 


1. Check the sender email address. Depending on the level of sophistication, the 
email address won't correlate to the institution allegedly sending it. If the sender 
email address for a supposed bank notification is “awesomehotstuff76@hotmail.com” 
you should be in no doubt that someone is attempting to scam you. 


2. Grammar and Spelling. It is trivially easy to spoof the sender email address to 
match an official account. The second major giveaway is the language and grammar 
in use. Are the language and grammar accurate? Is your name and title correct? 
Does the language and tone of the email sound strange? Misspellings, poor 
grammar, and completely incorrect information are giveaways that something is 
afoot. 


3. URGENT. What is the subject matter? Is it “URGENT: Your Account will XYZ”? 
Scammers and spammers know the best way to get into your mind is to use 
uncertainty. The uncertainty of an account in arrears, an unpaid bill, an outstanding 
old debt, or an unexpected account renewal notice is enough to grab the attention of 
most users (See my above experience with an Amazon phishing email for a prime 
example). 


4. Attachments. Emails with unexpected attachments are a big red flag. A seemingly 
harmless attachment can carry malware to infect your system. 


5. Links. The same goes for an email hyperlink. Scammers set up phishing sites that 
mimic login portals to steal your credentials. Don’t follow any links from an unsolicited 
email. 


The list isn’t exhaustive. Scammers come up with new ways to trick unsuspecting users all 
the time. Did you know that it takes around 12.5 million spam emails to get one response? It 
sounds like a huge amount, but considering the billions of spam emails sent every day, that 
still means around 10,000 people every day lose their credentials, install malware, send 
money to Nigeria, and respond to cryptocurrency scams. 


Phishing emails are extremely common, and a key part of converting those 12.5 million 


emails into a successful scam. Thankfully, there are numerous ways you can spot a phishing 
email. But at the end of the day, we’re all human, and things do happen. 


Turn Up Your Spam Filter 


Your email account has a spam filter. The filter checks incoming email from known spam 
addresses, for spammy content, malicious attachments, and spammy subject matter bars 
and sends it directly to your spam box. 
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Options Safe Senders Safe Recipients Blocked Senders International 


=, Outlook can move messages that appear to be junk email into a 
LØ special Junk Email folder. 


Choose the level of junk email protection you want: 

QO No Automatic Filtering. Mail from blocked senders is still moved 
to the Junk Email folder. 

oO Low: Move the most obvious junk email to the Junk Email folder. 


© High: Most junk email is caught, but some regular mail may be 
caught as well. Check your Junk Email folder often. 


O Safe Lists Only: Only mail from people or domains on your Safe 
Senders List or Safe Recipients List will be delivered to your 
Inbox. 


Permanently delete suspected junk email instead of moving it to 
the Junk Email folder 


W] Disable links and other functionality in phishing messages. 
(recommended) 


| Warn me about suspicious domain names in email addresses. 
(recommended) 


Cancel Apply 
Settings to adjust Microsoft outlook spam filters. 


Some filters are better than others. At other times, you need to tweak your spam filter 
settings to block the rubbish before it hits your inbox. Here's how you tweak your filters in 


Gmail to avoid unwanted incoming spam, while Outlook users can learn about 
adjusting their junk filters right here. 


Email Account Password 


Modern life requires online accounts. Online accounts require passwords. Passwords 
require attention because they’re key to stopping any attacker intruding into your account. 


Password management is tricky, due to the number of accounts and the difficulty required to 
create a strong enough unique password that you can actually remember. 


Deep down, in your digital heart, you know that reusing your basic “hunter2” password is 
wrong. But it makes life easy. The problem is that “hunter2” is a weak password that an 
attacker can crack in no time at all. 


So, what’s the key to making a secure, unique password? To get started, consider the 
following: 


It must be longer than eight characters. 

It must not use any identifying information: birthdays, pet names, birthplaces, etc. 
Don’t use dictionary words; they’re too easy to match. 

You should use a combination of letters, numbers, and symbols. 


ao NS 
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An ideal password looks like this: 


e Zwb2=*UwrP77"?ra 
e a%6HBT<*D[9>4z{p 
e Z982eyG}Zz%pF"N. 


This is a completely random string of upper- and lower-case letters, numbers, and symbols. 
It has no link to my person at all, and is also 16 characters in length. It will take a password 
cracker a long time to break through. Long enough that someone will give up and move onto 
other, easier targets. 


Use a Password Manager 


The second biggest security boost you can give yourself and your email security is using a 
secure password manager. A password manager securely stores your passwords. 
Depending on the password manager, you copy your password across, or the password 
manager automatically inserts the correct password for the account in question. 


If that sounds a little like wizardry, we’ve explained how password managers work in more 
detail. There are a fair few password management tools out there, so check out the 
MakeUseOf quide to choosing the right password manager for your needs. Best of all, 
that guide breaks down password management tools for each device, covering your 
smartphone, laptop, PC, and everything else in between. 


Before heading into the next section on email security: 
Check your inbox for any scam or spam emails (don’t click on them though!) 
Check your email provider and see what level your spam filter is set too 
Think about your passwords; are they strong enough, and could you use a password 


manager? 


Keep reading for the next lesson on email security protocols, how you can stop 
scammers spoofing your email address, and more email security tips. 
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Chapter 3 
How to Use Your Email Account Securely 


Chapter 3 is all about accessing and using your email securely, be that in your home or while 
connected to a free Wi-Fi connection in your favorite cafe. 


How to Use Your Email Account Securely 


According to SuperOffice, the number of people who check their emails on their smartphone 
jumped from 27% in 2011 to a whopping 81% in 2020. Moreover, mobile email users check 
their email around three times more than desktop users. In the hyper-connected world, 
checking your email on the go is a simple yet effective productivity tip. It isn't even a 
productivity tip; it is the easiest way to stay connected to family, friends, work, and everything 
else in-between. 


It is important, then, to keep all of your devices secure, be that a smartphone, laptop, tablet, 
or desktop. Here are seven things for you to consider: 


A aA & 


Use a Secure Password Beware Public Wi-Fi Use a VPN Anti-Malware Scans 


— 01001010101010 


101010104110 

1017 10101 

01c 3110010 
2001 WOOO] 


Update Your OS Turn on 2FA Add Encryption 


1. Make sure you set a secure device password. Your device password should not 
use a birthday, phone number, or anything easily linked to you. Ideally, you can use a 
combination of letters and numbers, like a proper password, or even a passphrase 
(an easily remembered phrase is a much longer device key than a single word). 


2. Avoid unsecured free public Wi-Fi. Many places offer free public Wi-Fi for their 


clients or guests. If you don't have to sign into the Wi-Fi network using a password, 
the connection is insecure, and your internet traffic could be vulnerable to attack. 
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Use a Virtual Private Network (VPN). If you do have to use an unsecured free Wi-Fi 
network, using a VPN is a vital security step. Using a VPN creates a private tunnel 
between your device and the VPN provider server, making sure no one can snoop on 
your data. 


Regular anti-malware scans. You can go to great lengths to use a secure email 
provider, but it won't matter a jot if an attacker installs keylogging or credential 
stealing malware on your system. Scan your system regularly with Malwarebytes 
(available for Windows, macOS, iOS, and Android), or better yet, upgrade to the 
premium version for live system protection. (Here are five excellent reasons to 
consider upgrading to Malwarebytes Premium!) 


Update your system. Install system updates. Sure, they can arrive at inconvenient 
times, but it is a smaller irritation than someone hacking your accounts with 
credentials stolen directly from you. 


Turn on 2-Factor Authentication. 2-Factor Authentication, or 2FA, adds another 
security layer to your account, sending a limited-use code to a separate device that 
you enter after your password. There are tips on using 2FA coming in tomorrow’s 
email security lesson, direct to your inbox. 


. Add encryption. If your current email provider doesn't support additional encryption 


levels, consider switching providers. If that isn't an option, a third-party encryption 
utility is what you need. 


About that last point, "Add encryption." You might note that I've not talked about third-party 
encryption utilities. You can find encryption tips and tools in Chapter 5 of this book. It’s worth 
sticking around for, that’s for sure. 


Sign-Up for a VPN 


The third point on how to check your email securely list above is “Use a Virtual Private 
Network.” You might have already heard the term “VPN.” Many people use a VPN to access 
video content in their native country when traveling abroad. That isn’t all VPNs are useful for, 
though. A VPN is a handy and cheap (sometimes free, but more on that in a moment) way to 
increase your security with very little effort. Here’s why: 


When you browse the internet, your device sends the data to your internet service 
provider (ISP), and the ISP routes the data to the correct website. The ISP and the 
website know where you are and in theory can read the data in transit. Whereas, 


A VPN creates a tunnel between your device and the VPN providers private server. 
All of the traffic from your device routes through the VPN tunnel first before emerging 
from the VPN provider server. You can choose the VPN server location, too, making 
your traffic appear as it was coming from an alternative location. 
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The VPN tunnel is encrypted, protecting your data from any prying eyes between your 
device and the VPN server. 


However, a VPN doesn’t directly encrypt or secure your emails. Using a VPN isn’t like 
encrypting an email directly within your email client or using a third-party encryption tool. 
Data transiting between your device and the VPN server is private and secure, but once it 
leaves the VPN server it is once again “in the wild.” 


That’s another great reason to keep reading (or skip forward!) Chapter 5, where you will 
learn about encrypting your emails on your computer. 


Use a Paid-For VPN Subscription 


Now, | said “sometimes free.” Why only “sometimes,” you might wonder? Well, the old 

internet adage goes “if you’re not paying for the product, you are the product.” It is a model 

we see with Google, Facebook, and countless other free internet services. VPNs are no 

different. Truly securing your connection does come at a small cost, and a paid for VPN 
lw rum fr ne. 


iW & 


Hackers 


10 0101 ( 
Encrypted tunnel 


Browsing the Internet Internet 


How a VPN works 
Luckily, there are numerous excellent VPN providers available that cost very little while 
providing an exemplary service. Some top VPN options that MakeUseOf suggest are 


NordVPN, CyberGhost, ExpressVPN, and Private Internet Access. 


Furthermore, we’ve previously looked at how to use NordVPN and whether you should use 
ExpressVPN or CyberGhost, along with VPNs you should avoid to protect your privacy. 


That said, not all free VPNs are doom and gloom. Many free VPNs will absolutely do in a 
pinch, offering a range of download options, server locations, and privacy settings. You'll find 
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both paid and free options handy for a range of situations, like if you want VPNs to watch 
Netflix or a VPN to use on your Amazon Fire Stick. 


How Do | Use a VPN? 


Well, once you decide on a VPN provider you will download their VPN software or app to 
your device. Before checking your emails when connected to a free Wi-Fi connection, fire up 
the VPN and connect to a secure server, then open your email account. Your traffic remains 
secure from malice! Remember, you can use your VPN to encrypt your web traffic at all 
times, not just when you use a public Wi-Fi connection. 


Many of the staff at MakeUseOf use a VPN at all times for the additional security and 
privacy. 


Next Steps 


Now, before reading through the next email security ebook chapter, think about the ways you 
can use email securely and how you currently check your inbox: 


e Consider updating and improving your device password; Chapter 2 had some handy 
tips on creating an almost-unbeatable password. 


e Sign up for a reputable VPN; be that a free VPN to figure out how they work or a paid 
option, a VPN gives you an instant security boost. 


e Check your system for updates. If you have a pending system update, save your 
work and important documents, create a system restore point, then install it! 


Unsure about system restore points? First, find out if system restore is working. If it isn't, 
there are several tips and tricks to get system restore working again. 


The next chapter covers everything you need to know about choosing a secure email 
provider, tips on stopping scammers spoofing your email address, setting up 2FA 
account security, and why email security is like a delicious cake. 
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Chapter 4 
How to Choose a Secure Email Provider 


Chapter 4 is all about secure email providers: how you choose a provider, what the most 
secure email clients are, how you enable 2FA account security, if you can stop scammers 
from spoofing your email address, and why email security (like all cybersecurity) is similar 
to a really delicious cake. 


Choosing a secure email provider is easier than you think. There's a good reason for that. 
Despite the numerous reports of breaches, vulnerabilities, hacks, and so on, the average 
internet user has never been safer in the "modern" internet era. 


There are numerous secure email providers out there. You have two questions to answer: 
What level of protection do you need? And how much are you willing to pay? You want your 
email client (the place you read your email) to be secure. You want your email to be secure 
in transit, too, using powerful encryption to protect your information further. You also don't 
want to break the bank, and in reality, you don't need to. 


Several excellent secure email services offer end-to-end encryption for your emails. 
End-to-end encryption means protection for your email from the moment you hit send to the 
moment your recipient opens it. (What happens on your recipient device is, as you read in 
Chapter1, out of your control.) 


Unfortunately, Outlook and Gmail don’t offer “end to end” encryption as standard. But, check 
out Chapter 5 to find out how you can add this functionality in Outlook—and why you cannot 


do the same in Gmail. 


Before considering the following secure email providers, consider the key features every 
secure email provider should deliver. 


ProtonMail 


Protonmail desktop app mobile app examples 
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ProtonMail is a free, open-source encrypted email provider. ProtonMail has a web client and 
apps for iOS and Android. How secure is ProtonMail? Well, unless your recipient has your 
email password, they cannot open your email. At all, ever. Even ProtonMail cannot (and will 
not) open your email, in any eventuality. Want another boost to your email security 
confidence? ProtonMail is based in Switzerland, one of the single-best countries for 
protecting private user data. 


Mailfence 
yA Mailfence 

v demoen@contactoffice.net | 2 New ~] Ø Refresh <\Reply a Replytoall > Forward [BJ Delete fy Move +++ Sort by v 
pam 2 oo safe with Mailfence Your data are safe with Malifence Dec 6, 2019 4:20 AM 
Trash 20 Your data are safe with Mailfence 
Drafts heor p 
span? Your ata are safe with Mailence Welcome to Mailfence 

> Tags E Your private, secure and encrypted 

eae email service 


Your data are safe with Mailfence 


Your data are safe with Mailfence Get your secure email 


Invitation to meeting Monthly meeting 


Mailfence protects your data against such systems. We value your data and 
Your data are safe with Mailfence privacy and thought it would be useful to inform you about how precisely we 
ntactofhoe manage data on our servers: 


* Your data and their back-ups are hosted exclusively on European soil. 
We therefore comply with the European and Belgian legislation and 
regulations, among others these regarding data protection. You have 
a right to consult, rectify and delete your data (the right to be 
forgotten). If you ask for the deletion of your account, all your data 
will be completely deleted from our application. 


Mailfence example email inbox 


Mailfence is an excellent free webmail service that not only encrypts your emails, but any 
calendars, notes, contacts, and documents you store using the service. All in all, for a free 
service, Mailfence is up there with ProtonMail in bringing the power of encryption to anyone 
that would like to try. 


MakeUseOf like’s Mailfence for more than its excellent encryption and security offering. 
Mailfence owner and developer, ContactOffice, donates 15% of the income from their 
paid-for Pro plan to the Electronic Frontier Foundation and the European Digital Rights 
Foundation. Furthermore, Mailfence is based in Belgium, renown for its strong privacy laws. 
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Tutanota 


Using Tutanota secure email on a laptop 


A Tutanota free account comes with 1GB storage and excellent end-to-end encryption. A 
premium account comes with extensive functionality, including sending Tutanota encrypted 
mail to non-Tutanota email addresses. You can send encrypted mail to non-Tutanota email 
addresses with a free account, but you will have to arrange an alternative secure delivery 
method for the password to unlock the email. 


It can be tricky figuring out which secure email provider to choose, so we’ve covered some 
of the best options, including ProtonMail and Tutanota. 


What Is 2FA and How Do You Use It? 


Two-factor authorization (2FA) is an important additional email account security feature. 2FA 
is a process which requires you to enter two different passwords to unlock your account. 


The first password is your unique password. (You learned about secure passwords in 
Chapter 2.) The second verification password is usually a time-limited code that is sent to 
another device, although you can use a fingerprint or other biometric scan in its place. The 
idea is that only the legitimate account owner should have access to the second piece of 
verification data, drastically increasing security. 


For instance, when | log into my email account, | enter my secure password. Because | have 
2FA turned on, moments later | receive a six digit code that | must enter into the login panel 
before the code expires. Without the second code, my email account remains locked. 


You might have already encountered 2FA when using an online banking portal, using a card 


reader or similar to create a one-time password to unlock your account. It isn’t just your 
online banking that uses 2FA—your email account can use it, too. 


www.makeuseof.com 17 


As you might have gathered from the above, there are different types of 2FA, all which have 
pros and cons. 


- SMS: You receive a security code on your mobile phone that you must enter on the 
website/app to unlock your account. 

- Email: You receive a security code on your email account that you must enter on the 
website/app to unlock your account 

- Authenticator apps: You open an app on your smartphone that creates a unique 
security code that changes every 30 seconds or so. You enter the code on the 
website/app to unlock your account. There are several popular authenticator apps to 
choose from. 

- Physical authentication keys: You have a physical USB security key that you must 
insert into your computer to unlock your account. There are several security key 
options to choose from. 

- App-based authentication and prompts: You attempt to sign into an account on a 
website, and the service sends a prompt to your smartphone. Amazon and Google 
are prime examples of this type of prompt. 


Unfortunately, we don’t have the space available to detail how to turn on 2-FA for the most 
popular services. However, we're not leaving you hanging; our article on securing your 
accounts with 2FA gives it a good go, covering popular social media and shopping apps. 
Once you’ve seen how to do it on those apps, you'll find it easier to seek out and switch on 
2FA in other apps, too. 


Can You Stop Scammers Spoofing Your Email Address? 


Last year, | received a surprising email. It was sent from my private email address back to 
the same address, and | was advertising some variety of dietary pills. From myself, to 
myself. A spammer was using my email address to send all kinds of irritating and potentially 
malicious mail. In a short time, my legitimate outgoing emails began heading straight into the 
recipient's spam box, filtered out because other people were (quite rightly) declaring my 
domain as a source of spam. 


So, can you stop spammers and scammers spoofing your domain? 


The answer comes down to your email provider. If you have control over the domain you 
send your email from, you can implement some of the measures in the linked article to stop 
a spoofer using your email address. 


However, if you use a free email provider, such as Gmail or Yahoo Mail, you have less 
control over the additional security protocols your inbox uses. Don't take that in the wrong 
way, though. Google and other free email providers still have a vested interest in stopping 
spam mail and email spoofing so using a free service doesn't automatically make you a 
bigger or easier spoof target than other services. 
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Email Security Is Delicious! 


Email security is like a gigantic, delicious cake. To truly secure your email account, you need 
layers. A password, two-factor authentication, encryption, and a VPN are all vital layers in 
your email security plan. 


Before ploughing into Chapter 5: 
e Follow one of the 2-FA guides to secure your email account. 
e Check out the free encrypted mail services and consider signing up for one. 


e Consider how many layers your security cake has and if you could add more. 


The next chapter features email encryption, encryption tools, and encrypting emails in Gmail 
and Outlook. See you there! 
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Chapter 5 
How to Encrypt Your Emails In Outlook and 
Gmail 


Chapter 5 covers everything encryption: encryption in Gmail and Outlook, third-party 
encryption utilities, and whether your emails need the additional security layer of encryption. 


Encryption in Gmail 


Google takes email security and privacy seriously. Well, to an extent. Remember, if you’re 
not paying for the product, you are the product. (It isn’t just you, there’s billion of us!) 
However, for the most part, Gmail is a secure email service with enough functionality for the 
vast majority of users. 


Gmail uses TLS encryption by default, so long as the recipient email server supports it. If 
you're sending email from and to a Google account, TLS is automatic. (TLS is a 
basic-but-effective level of encryption that many email services will use by default—see our 


article explaining email security protocols for more information on TLS encryption.) 


Gmail does have Confidential Mode, which you'll find in the tool tray at the bottom of the 
compose screen if you’re using a browser, or in the Settings menu if you're using iOS or 
Android. 


Once you toggle Confidential Mode, you can do two useful things. One, you can set a 
self-destruct timer for your email. It'll remove itself from the recipient inbox after a set period, 
which is handy. Though we have to stress that this doesn’t stop the recipient seeing the 
email. 


Second, you can set an SMS-based passcode using the recipients phone number. If you 
want to ensure that only the person you send the message to can open the email, enter their 
mobile phone number into the box. When they receive the email, Gmail will send them an 
SMS code to unlock the contents. 
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Confidential mode 
Recipients won't have the option to forward, copy, print, or download 
this email. This message may still be visible to your Google Workspace 


domain admins or Vault users for periods defined by the domain’s Gmail 
retention rules. Learn more 


SET EXPIRATION 


Expires in 1 week ~ Tue, Nov 29, 2022 


REQUIRE PASSCODE 


All passcodes will be generated by Google. @ 


©  NOoSMS passcode @ | SMS passcode 


Gavin Phillips 
tome v 


Verify identity 


To view this email, you must first confirm your identity. A one-time passcode 
will be sent to esses sees 72. 


Send passcode 


( © Reply ) 


Only paid-for G Suite accounts can add a personal digital certificate to a Gmail account. 
(And even then, your workplace or G Suite administrator may turn off such functionality.) If 
you have a paid-for G Suite account, follow Step 3: Upload Certificates on the official 


Google how to enable S/MIME tutorial. 
Otherwise, if you use a free Gmail account, feel free to skip forward to the Third-Party 


Encryption Tools section further down. It has some excellent third-party encryption tools that 
work perfectly with a Gmail account! 


www.makeuseof.com 21 


Encryption in Outlook 


Like Gmail, Microsoft Outlook will use TLS encryption where possible (if the email server 
supports the encryption protocol). 


Paid-for versions of Microsoft Outlook can upload a personal Digital Certificate to encrypt 
your email. That means those with an Office 365 subscription or with a standalone Microsoft 
Office license. Free versions of Microsoft Office Online and Outlook.com cannot install a 
personal digital certificate. This is a slight irritation, but nothing to worry about because there 
are secure third-party encryption tools—and you can check out three of the best down 
below. 


How to Install a Personal Digital Certificate in Outlook 


Here's how you install a personal Digital Certificate in Outlook. The Digital Certificate will 
allow you to sign and encrypt Outlook emails using S/MIME. However, your recipient must 
also support S/MIME, or the message will fail to send. 


1. Using Mozilla Firefox, head to Actalis Free Email Certificate. Please note that you 
cannot use Microsoft Edge or Google Chrome for this task. 


Bhewnus oc: 


il Certificate 


les for S/MIME secure 


Email 


2. Enter the email address you wish to secure in Outlook. This must match. 


3. Head to your email account and wait for the verification email. When it arrives, enter 
the verification code on the Actalis site. Please note the email may be in Italian. Don’t 
worry if this is the case, it’s perfectly secure. 


4. You'll now see a screen with another code on it. It’s very important to make a note of 


this code, as you'll use it to unlock the secure file Actalis will send to you. If you don’t 
have this code, you cannot unlock the file. 
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5. Head back to your email inbox. Actalis will now send a folder to you containing your 
secure file. You'll need to download it to your computer, then extract its contents. To 
do this, right-click the downloaded folder and select Extract. If you don’t see an 
option to extract the folder contents, check out our guide to the best tools to open 
RAR files. Download one that is suitable for your operating system (Windows, 
macOS, or Linux), then continue. 


6. Open the extracted folder. Inside, you'll find one file, which should have the name of 
your email address in the filename. Now, in Mozilla Firefox, head to Settings > 
Privacy & Security > View Certificates. You'll have to scroll down to find this option. 
Select the Your Certificates tab, then Import. Browse to the location of your folder 
and the file, and select it. The file should be imported immediately. 


Certificate Manager x 


Your Certificates Authentication Decisions People Servers Authorities 


You have certificates from these organisations that identify you 


Certificate Name Security Device Serial Number Expires On & 


.. 17 November 2023 


gavin@ Software Security Device 


> Gavin 


Backup All... Import... 


7. Next up, and still working within Mozilla Firefox, you need to extract the Digital 
Certificate from the browser Certificate Store. Reason being that the automatically 
downloaded certificate is in the wrong format. In Mozilla Firefox, head to Menu > 
Options > Privacy & Security, then scroll down to the Security section and select 
View Certificates. 


8. Select the Your Certificates tab, then select the Certificate Name for the relevant 
email address, and press Backup. Select a relevant and memorable filename, then 
Save the file to a memorable location. You must now create another password. This 
password is very important. It protects the backup file you are creating, as well as 
serving as a password when you install the Digital Certificate in another program. 
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Certificate Manager x 


Your Certificates Authentication Decisions People Servers Authorities 


You have certificates from these organisations that identify you 


Certificate Name Security Device Serial Number Expires On B 


~ Actalis S.p.A. 


> Gavin 


View... Backup... N Backup All... Import... Delete... 


9. Next, open Outlook (I’m using Outlook 365). Head to File > Options > Trust Center 
> Trust Center Settings > Email Security. Under Digital IDs, select Import/Export, 
then browse to the location you saved the Digital Certificate backup, select it, then 
press Open. Now, enter the backup password created in the previous step, and 
continue with default settings. 


Trust Center 2 x 
Trusted Publishers Encrypted email 
Privacy Options 
a Encrypt contents and attachments for outgoing messages 
Form-based Sign-in (e) 


Add digital signature to outgoing messages 


Email Security Send clear text signed message when sending signed messages 


Attachment Handling Request S/MIME receipt for all S/MIME signed messages 
Automatic Download Settings... 
Macro Settings Digital IDs (Certificates) 
Programmatic Access g Digital IDs or Certificates are documents that allow you to prove your identity in electronic transactions. 
Import/Export... 
Read as Plain Text 


Read all standard mail in plain text 


Script in Folders 


Allow script in shared folders 


Allow script in Public Folders 


Cancel 


10. Now, under the Encrypted Email section, you can add your Default Setting, using the 
Settings button to alter the level of encryption you add to each email. 
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Change Security Settings x 


Security Setting Preferences 
Security Settings Name: 


| My S/MIME Settings (gavin@ 


Cryptography Format: S/MIME 


z Default Security Setting for this cryptographic message format 


| Default Security Setting for all cryptographic messages 


| Security Labels... New Delete | 
| Certificates and Algorithms | 
| Signing Certificate: javin@ gavinphillips.co.uk Choose... 
| Hash Algorithm: SHA1 v | 
| Encryption Certificate: |gavin@gavinphill ouk Choose... 
| Encryption Algorithm: AES (256-bit) v 

M Send these certificates with signed messages 


As mentioned above, unless the person you are sending to also uses the same encryption 
protocol as you, your outgoing email will see an error message which is frustrating. 


Unfortunately, if your recipient doesn’t support incoming email encrypted with S/MIME, you 
will have to use an alternative secure messaging tool. For instance, the other email 
encryption methods listed below allow you to send an extremely secure message, to 
anyone, regardless of their inbox encryption settings. 


Third-Party Encryption Tools 


Encryption requires a password. The person you are sending an email to must have a way 
of unlocking your encryption. That is where public and private key cryptography comes to the 
fore. 


Before continuing with this section on third-party encryption tools, | strongly advise you 
read section seven and eight of my article exploring ten encryption terms you should 
know and understand. It will make some of the upcoming information much easier to digest! 
Another extremely informative read is this look at how encryption works and whether it is 


really safe. 


So, third-party encryption tools for email come in two shapes and sizes: for your desktop, 
and your browser. Desktop tools have the advantage of being multi-purpose, featuring Digital 
Certificate managers, decryption tools, and so on. Browser encryption tools have the 
advantage of being easy to use and normally have seamless integration with the service you 
are trying to use. 


When should you use encryption? Sending an email to your friend about her delicious 


apple pie? You can send that without additional encryption. Sending an email to your friend 
containing banking information? You should encrypt that email. You should encrypt emails 
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containing sensitive information. Traditionally sensitive information includes financial 
information, passwords, personally identifying information, and otherwise. 


Here are three third-party encryption tools you should check out, as well as where you 
should use each tool. 


1. OpenPGP 


Okay, so OpenPGP is an open source encryption protocol that started life as Phil 
Zimmerman's groundbreaking PGP (that stands for Pretty Good Privacy—yes, that's the 
actual name) protocol. Zimmerman realized early on that the world needed a free, 
open-source encryption protocol and at the time of writing, thousands of applications around 
the world use OpenPGP. 


There are several handy OpenPGP implementations for home users like you and I. 


Windows: Windows users should check out Gog4Win 
macOS: macOS users should check out GPGSuite 
Linux: Linux users should check out GnuPG 

Android: Android users should check out OpenKeychain 
iOS: iOS users should check out PGP Everywhere 


The implementation found in each of these programs is slightly different (they all have 
different developers putting the OpenPGP protocol to use encrypting your emails), but all are 
reliable. The key takeaway from these encryption tools is that you can freely encrypt emails 
to boost your security. 


You can also email other users using OpenPGP standard tools, too. For instance, you could 
email someone using one of the upcoming webmail encryption browser tools straight from 
your OpenPGP enabled Outlook desktop client. 


2. Mailvelope 


Mailvelope is an easy to use browser extension for Google Chrome and Mozilla Firefox. 
Mailvelope combines the "advantages of a cloud-based webmail solution . . . with OpenPGP 
encryption." 


It really is easy to use, working out of the box with webmail providers including Gmail, 
mail.ru, Outlook.com, Yahoo, Zoho Mail, and volny.cz. Furthermore, Mailvelope has help 
pages and support for GMX, Posteo, and WEB.DE. 


3. FlowCrypt 


FlowCrypt is another easy to use browser extension for Google Chrome and Mozilla Firefox 
that lets you encrypt your Gmail traffic, both emails and files in transit. There is a beta 
Android app still under development, and planned releases for macOS, iOS, and Linux, as 
well as client add-ons for Thunderbird and Microsoft Outlook. 


www.makeuseof.com 26 


FlowCrypt integrates seamlessly with Gmail. Many users point to the ease of setup and 
overall simplicity in comparison with other fully-featured encryption tools. However, unlike 
Mailvelope, FlowCrypt only works with Gmail accounts, so bear that in mind. 


Encryption Is Easy! 


Encryption doesn't have to feel overwhelming. The OpenPGP desktop and mobile 
implementations may feel overwhelming to begin with. There are a huge number of online 
resources that can guide you through the installation, setup, and overall use of each tool to 
make sure your email remains secure at all times. 


On the flipside, Mailvelope and FlowCrypt make sending encrypted emails to anyone simple. 
Now you’re up to speed with email encryption and third party encryption tools: 

e Check out the free encrypted mail accounts, and consider signing up for one 

e Think about the third-party encryption tools and how they fit into your email routine 

e Consider which instant messaging apps you use and if you feel secure using them 
Great news: you’re heading into the final chapter! Chapter 6 is all about secure instant 
messaging tools: what are they, are they safe, and can they truly replace an email account? 
Give a thought to the instant messaging tools you use; are you aware of their security 


features? Do you feel secure when you send a message? 


Chapter 6 delivers the low-down on secure instant messaging tools that you’ve been waiting 
for! 
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Chapter 6 
Are Instant Messaging Tools More Secure Than 
Your Email? 


Chapter 6 is dedicated to instant messaging services. What is an instant messenger? Can 
an instant messaging service replace your email account? And the key question: Are instant 
messaging services secure? 


What Is an Instant Messenger? 


An instant messenger is a service where you can send a direct message instantaneously to 
a contact. Contacts are usually friends, family, colleagues, and so on. Instant messengers 
have been an extremely popular method of communication since the early days of the 
internet, with modern instant messengers preceded by Internet Relay Chat (IRC), the 
Bulletin Board System (BBS), and other classic chat programs such as ICQ, MSN 
Messenger, AOL Instant Messenger, and others. 


As for modern instant messengers? Think WhatsApp, Facebook Messenger, and other apps 
that let you ping a message straight to your friend. Depending on the service, you can send 
instant messages to and from your desktop, smartphone, tablet, and laptop. 


Are Instant Messengers Secure? 


There are several very secure instant messengers. One service, WhatsApp, is credited with 
bringing end-to-end encryption (E2EE) to the masses. With over two billion users, the 
Facebook-owned encrypted messenger provides an extremely simple method for people to 
shield their communication from prying eyes. 


CS) Five a side up 


° @ 


LLLE 
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The fact that privacy destroying Meta owns WhatsApp (along with Instagram and Facebook) 
is beside the point, as the end-to-end encryption—that's encryption that protects your 
message from your device all the way to your recipients—is secure. 


WhatsApp uses the Signal Protocol, as does Facebook Messenger's Secret Conversation. 
Want to use Facebook Messenger Secret Conversation mode? We've explained how to turn 


on E2EE in Facebook Messenger, along with whether you can actually trust Secret 
Conversations. 


Are instant messengers good to go then? Not quite. It really does depend on the platform. 


e WhatsApp. Secured using the Signal Protocol, owned by Meta. While your 
messages are safe, there are justified concerns that Meta can piece together 
metadata to build more accurate information regarding users, which is why some 


prefer to use one of the many WhatsApp alternatives. 


e Signal. The Signal Protocol developers, Open Whisper Systems, have a secure 
instant messenger called Signal (using the same secure protocol). Signal drastically 
increased in user numbers in early 2021 after endorsements from Edward Snowden 
and Elon Musk in response to a WhatsApp policy change. 


e Telegram. “Secret chats” are secured using an encryption scheme called MTProto, 
but regular conversations in open channels are not. Telegram is owned by Pavel 
Durov, the brother of the encryption protocol developer, Nikolai Durov. (The brothers 
also developed the Russian version of Facebook, VK.) Telegram’s encryption 
receives regular criticism from encryption specialists for not being thoroughly tested 
as other encryption algorithms, yet the messaging service is still banned in Russia 
and attracts regular criticism from other governments. 


e Wickr. Wickr is a popular E2EE messaging app that features the option for 
ephemeral messages—that is, self-destructing messages on a timer. In 2017, Wickr 
turned its encryption standard open-source, allowing anyone to make use of it and, 
most importantly, any security researcher or cryptologist to examine it for 
vulnerabilities fully. As it turns out, Wickr's end-to-end encryption is solid and will 
keep your messages safe. However, Wickr was bought out by Amazon in June 2021, 
and while there is no indication that the e-commerce behemoth has compromised 
security, some users have jumped ship. 


e Threema. The Switzerland-based E2EE instant messenger bases its encryption on 
the open-source NaCl standard and has passed multiple external security audits to 
confirm the security on offer for your messages. Threema is the only app on this list 
with an upfront cost ($4 on Android and iOS), but for that small outlay, you get an 
extremely secure, featureful E2EE application. 


How do you choose between the secure instant messaging apps? In my experience, that 
decision is down to the people you communicate with. Threema is an excellent secure app, 
but as none of my friends or family use it, | won't be using it either. There are similar issues 
for Signal. | have around ten contacts on there, barely any of whom use it consistently. 
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Want to understand more about online privacy and messaging security? As you might 
expect, we’ve covered all manner of security and privacy issues, and here are some top 
articles to get you started: 


The Most Common Online Privacy Myths, Debunked 

Data Privacy Habits to Practice for Protecting Your Personal Information 
Privacy vs. Anonymity vs. Security: Why They Don't All Mean the Same Thing 
Free Privacy Tools You Gan Use on Any Device 


Should You Use an E2EE Messenger Instead of Secure Email? 


Deciding on the best method of secure conversation is difficult for everyday users and 
businesses alike. The level of security offered by the secure instant messengers is 
substantial. So substantial that numerous governments around the world want to ban their 
use. In countries with authoritarian regimes, such as Russia, Iran, and China, many secure 
messaging services are already banned and their use is considered a crime against the 
government. 


Alternatively, officials want the tech companies developing secure instant messengers to 
create encryption "backdoors" that would allow a government official to see the contents of a 
secure message. The idea that a developer could create a single-use backdoor is fanciful 
and shows a considerable lack of understanding as to how encryption and secure 
messaging services work. 


The biggest difference between "regular" email encryption (e.g., TLS), an E2EE instant 
messenger, and email using advanced encryption (e.g., third-party encryption) is how the 
content of your message displays once received. 


TLS encrypts your message content in transit, but once it hits your inbox, it displays in clear 
text where anyone can read it. It is a similar situation with a secure instant messenger. The 
message is secure with end-to-end encryption to protect from prying eyes in transit, but once 
it arrives on your device, be that laptop, smartphone, or otherwise, the message will display 
in cleartext. 


It is here that certain third-party encryption tools hold a significant advantage over the 
alternatives. Once a message hits your inbox, depending on the encryption utility you use, it 
will not automatically display the contents until manually decrypted. 


So, to answer the question, secure instant messengers are a fantastic, easy access utility 
that provides secure communication for billions of people every day, without having to give 
encryption, keys, passwords, and privacy much thought. But to replace secure email? 
Instant messengers have some way to go. 
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Just to be clear: 


e E2EE instant messages are excellent. You can use an E2EE message on a 
messaging app to send any message encrypted in transit. However, 


e Anemail secured using encryption is theoretically more secure than an E2EE 
message because of the additional layers of security you can add. 


What About Slack? 


Slack is a messaging service for organizations. Each team member has an account and can 
send a message to the rest of the users. Slack has been a revelation amongst messaging 
services, offering enormous workplaces the opportunity to run a private internal messaging 
service. It isn’t only for massive workplaces, though. My friends and | use a private Slack 
channel to keep in touch, for instance. 


The big question for many Slack users is “are my messages secure?” Unfortunately, the 
answer is simple: They are not as secure as you would hope. In that, paid-for Slack chat 
administrators can access and download the entire Slack chat history, including private 
chats. If an administrator turns this feature on after the Slack channel is open, users will 
receive a message informing them, but there is little a user can do other than rapidly delete 
messages that must remain secure. 


Furthermore, Slack doesn’t support any form of end-to-end encryption, as that would break 
Slack’s performance and monitoring tools. In short, if you’re using Slack, especially for work, 
keep your personal conversations away from the platform. 


Bringing E2EE to the Masses 


There's no doubt that WhatsApp has a strong shout as the tool that truly brought easy 
end-to-end encryption to the masses. Whether every user understands the power of E2EE, 
or would even care if they did realize is another question. 


The most important thing is that the option for encryption is there for the moment people 
want to send a secure message. 


Do you use a messaging service? Will you now switch to a more secure service? And would 


you ever consider leaving email behind completely if an instant messaging tool could offer 
the same functionality? 
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Your final two things to do are: 


e Check out the other secure instant messenger services 
e Read about why encryption backdoors are a terrible idea and why encryption is 
extremely important 


But, that’s not really the end. Fantastic, | hear you shout! Chapter 7, the final chapter, 


delivers a full roundup of all the links included throughout this book, and it’s a handy end if 
you want to refresh your memory on anything you've read. 


www.makeuseof.com 32 


Chapter 7 
The Email Fortress Rundown 


You’ve reached the end of The Email Fortress. Hopefully you’ve learned a lot about securing 
your inbox, protecting your incoming and outgoing mail, and making sure you are the master 
of your own (email) domain. So, why is there another chapter lurking at the end of your 
ebook? 


A quick run-down is the perfect finale and will help you drastically increase the security of 
your inbox. It’s also handy to come back to and have all the links in one place. 


Chapter 1: Why Do You Need Secure Email? 


In Chapter 1 you learned about the reasons behind secure email; why security is important, 
what it helps, and what a secure inbox stops taking place. You also took a look at the value 
of encryption and why your inbox, as well as the rest of the internet, cannot do without it. The 
final piece of information in this chapter was also one of the most important: email isn't 
secure. 


Here is the most important link for you to follow up from Chapter 1: 
- Email security protocols explained 


Chapter 2: Common Email Security Mistakes 


Chapter 2 covered the most common email security mistakes that everyone makes. 
Mistakes such as clicking suspicious links, reusing weak passwords, and poor spam filtering 
exposing your inbox to malicious email. 


You also learned the five best ways to spot spam and scam emails, as well as how to turn up 
your spam filter to reject more of the nasty stuff trying to get in. Finally, you took a long hard 
look at your passwords and whether they're a critical issue in your email security. 


Here are the most important links for you to follow up from Chapter 2: 


- What Is Phishing? How Dangerous Is It? 

- The Best Ways to Avoid Phishing Emails 

- Howto Avoid Outlook Junk Mail and Email Clutter 

- Howto Control Spam Emails in Gmail With Templates and Filters 
- What Is a Password Manager? 

- What Is the Best Password Manager for Your Device? 


Chapter 3: How Do | Use My Email Account Securely? 


This was a short lesson in using your email account securely. You looked at six tips that will 
secure your email account access in almost any situation. Furthermore, you learned about 
stopping scammers spoofing your email address as well as how you add two-factor 
authentication to your email account. 
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Here are the most important links for you to follow up from Chapter 3: 


- 5 Reasons to Upgrade to Malwarebytes Premium 

- What ls Two-Factor Authentication? Here's Why You Should Be Using It 

- Free vs. Paid VPNs: Which Should You Choose? 

- Want Private Internet? Here's How to Use NordVPN on Desktop and Mobile 
- ExpressVPN vs. Cyberghost - Comparing Top VPN Services 

- Bad VPNs You Must Avoid to Protect Your Privacy 

- The Best Netflix VPNs to Watch Anything 

- What Is the Best VPN for Amazon Eire Stick? 

- How to Check if System Restore Is Enabled on Windows 11 

- System Restore Not Working on Windows? Tips and Fixes to Try 


Chapter 4: Choosing a Secure Email Provider 


In Chapter 4, you were figuring out what features to look for in a secure email provider. 
There were also a handful of suggestions regarding secure email services, some free and 
some paid-for. Chapter 4 also covered how to use your email account securely, looking at 
both desktop and mobile security tips. 


Here are the most important links for you to follow up from Chapter 4: 


- Key Features to Expect From Secure Email Providers 

- The Most Secure and Encrypted Email Providers 

- The Pros and Cons of Two-Factor Authentication Types and Methods 
- The Best Two-Factor Authentication Apps to Protect Your Accounts 

- The Best Hardware Security Keys for Online Protection 

- Howto Secure Your Accounts With 2FA: Gmail, Outlook, and More 


- What Is Email Spoofing? How Scammers Forge Fake Emails 


Chapter 5: Email Encryption 


Chapter 5's email security lessons covered email encryption: third-party tools, how to encrypt 
emails in Gmail and Outlook, and the pros and cons of using additional encryption to secure 
your email. 


Here are the most important links for you to follow up from Chapter 5: 


- Common Email Security Protocols Explained 

- The Best Tools to Open RAR Files 

- Basic Encryption Terms Everyone Should Know 

- How Does Encryption Work? Is Encryption Actually Safe? 


Chapter 6: Are Instant Messaging Apps Secure? 


Instant messaging apps play a huge part in our day-to-day communication, so why not 
consider their security and privacy on the same level as your email account? That's what 
Chapter 6 was all about: are instant messaging apps secure? Moreover, are they secure 
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enough to replace your email account entirely? There were some handy tips on which 
instant messaging apps are the most secure. 


Here are the most important links for you to follow up from Chapter 6: 


- What Is End-to-End Encryption? 

- Howto Enable End-to-End Encryption on Facebook Messenger 

- Are Facebook Messenger Secret Conversations Really Secure? 

- WhatsApp Alternatives That Don’t Share Your Data With Facebook 

- The Most Common Online Priv Myths, D nk 

- Data Privacy Habits to Practice for Protecting Your Personal Information 

- Privacy vs. Anonymity vs. Security: Why They Don't All Mean the Same Thing 
- Free Privacy Tools You Can Use on Any Device 


Ebook Complete: Your Email Is Secure 
Okay, you have now read and learned your way through The Email Fortress. 
You now carry the powerful knowledge of how to keep spammers, scammers, and other 


ne'er do wells out of your inbox. You know how to scramble the contents of your outgoing 
emails so only the recipient can read them. There was information on secure email 


providers, third-party encryption tools, and even tips on how to securely access your email 


from any device. 


Thank you for reading and learning. 
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